from the Google Security Team discovered that the Evince documentviewer made insecure use of tar when opening tar comic book archives(CBT). Opening a malicious CBT archive could result in the executionof arbitrary code. This update disables the CBT format entirely.

For Debian 7 "Wheezy", these problems have been fixed in version3.4.0-3.1+deb7u1.

We recommend that you upgrade your evince packages.

Further information about Debian LTS security advisories, how to applythese updates to your system and frequently asked questions can befound at: https://wiki.debian.org/LTS